Hack and protect your Android app

Slvn
June 17, 2013

Android apk decompilation, and more, slides from my talk @Droidcon Paris 2013

Copyright Genymobile 2013.

Transcript

  1. What can we do?

    SDK
    • Extract .apk
    • Retrieve some of the resources

    apktool
    • Retrieve all the resources (.xml)
    • Smali code

    dex2jar and Java Decompiler
    • Most of the code in Java

  2. How can I protect my sources?

    Forward locking
    • apk not directly extractable

    Proguard
    • Obfuscation
    • Optimisation

    Some other ways...
    • .dex encryption
    • aapt modified
    • logic on server
    • ...

  3. When should I protect my sources?

    Whenever you want! Just keep in mind that you should have a good reason.

    But keep in mind that... one motivated guy with enough resources can break anything.

  4. Audit your build!

    • Check if the code is up-to-date
    • Verify obfuscation!
    • Find some build issues

  5. Can we explore a device's framework?

    • Yes, we can.
    • Can help you to debug your app sometimes
    • Discover manufacturers' private APIs
    • And they are really invasive...

  6. This is a business!

    Android decompiler
    • http://www.android-decompiler.com
      1,000$ full, interactive solution. Automation API

    Dexter
    • http://dexter.dexlabs.org
      Upload your apk for an analysis

    Various
    • http://www.nothink.org/sandbox_and_utilities.php
      ◦ Android

  7. Conclusion

    • Be sure to protect your code if necessary
    • You can use those tools on your own .apk
    • Do not hesitate to check device/framework code
    • Do not fight the hackers by annoying your users
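
For the "Audit your build" slide, one way to verify obfuscation on your own release build is to list the class names left in `classes.dex` and flag those that still read as source names. This is an added example, not code from the talk: the function names, the sample class names and the "simple name longer than two characters" threshold are assumptions chosen for illustration.

```python
import struct

def class_descriptors(dex):
    """Return the type descriptor of every class defined in a classes.dex image."""
    if dex[:4] != b"dex\n":
        raise ValueError("not a DEX file")
    str_off, = struct.unpack_from("<I", dex, 0x3C)         # string_ids_off
    type_off, = struct.unpack_from("<I", dex, 0x44)        # type_ids_off
    cls_n, cls_off = struct.unpack_from("<II", dex, 0x60)  # class_defs size, offset
    out = []
    for i in range(cls_n):
        class_idx, = struct.unpack_from("<I", dex, cls_off + 32 * i)
        desc_idx, = struct.unpack_from("<I", dex, type_off + 4 * class_idx)
        pos, = struct.unpack_from("<I", dex, str_off + 4 * desc_idx)
        while dex[pos] & 0x80:          # skip the ULEB128 length prefix
            pos += 1
        pos += 1
        out.append(dex[pos:dex.index(b"\0", pos)].decode("utf-8", "replace"))
    return out

def not_renamed(descriptors, keep=(), max_len=2):
    """Classes that still carry a readable name and are not on the keep list."""
    flagged = []
    for d in descriptors:
        simple = d[1:-1].rsplit("/", 1)[-1].split("$")[-1]
        if len(simple) > max_len and not d.startswith(tuple(keep)):
            flagged.append(d)
    return flagged

def build_sample_dex(names):
    """Constructed, minimal DEX-shaped image (header, id tables, names) for the demo."""
    n = len(names)
    str_off, type_off, cls_off, data_off = 0x70, 0x70 + 4 * n, 0x70 + 8 * n, 0x70 + 40 * n
    hdr = bytearray(0x70)
    hdr[:8] = b"dex\n035\0"
    struct.pack_into("<II", hdr, 0x38, n, str_off)    # string_ids size, offset
    struct.pack_into("<II", hdr, 0x40, n, type_off)   # type_ids size, offset
    struct.pack_into("<II", hdr, 0x60, n, cls_off)    # class_defs size, offset
    ids = types = classes = blob = b""
    for i, name in enumerate(names):
        ids += struct.pack("<I", data_off + len(blob))
        types += struct.pack("<I", i)
        classes += struct.pack("<I", i) + bytes(28)
        blob += bytes([len(name)]) + name.encode() + b"\0"
    return bytes(hdr) + ids + types + classes + blob

SAMPLE = build_sample_dex(["Lcom/example/a;", "Lcom/example/b$a;",   # constructed names
                           "Lcom/example/MainActivity;", "Lcom/example/LicenseCheck;"])
print(not_renamed(class_descriptors(SAMPLE), keep=["Lcom/example/MainActivity;"]))
```

On a real build, pass the bytes of `classes.dex` read from your own .apk (it is a zip archive) and put the classes your Proguard keep rules preserve on purpose in `keep`.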